Due to multiple security advisories for the library in 2017.
Diff:
https://github.com/simplesamlphp/simplesamlphp/compare/v1.14.11...v1.14.17
Releases:
https://github.com/simplesamlphp/simplesamlphp/releases
Security advisories:
https://simplesamlphp.org/security/201703-01
https://simplesamlphp.org/security/201703-02
https://simplesamlphp.org/security/201704-01
https://simplesamlphp.org/security/201704-02
https://simplesamlphp.org/security/201705-01
https://simplesamlphp.org/security/201708-01
https://simplesamlphp.org/security/201709-01
https://simplesamlphp.org/security/201710-01
This is independent of all the issues related to upgrading the library to version 1.15.
Comment | File | Size | Author |
---|---|---|---|
#2 | upgrade-simplesamlphp-library-2932365-2.patch | 280 bytes | timwood |
Comments
Comment #2
timwoodPatch to composer.json
Comment #3
dakku CreditAttribution: dakku commentedHi thank you for the patch.
We have a number of open threads regarding updating the lib version. Please see ongoing discussions here:
https://www.drupal.org/project/simplesamlphp_auth/issues/2929202
Comment #4
timwoodHi dakku,
Glad I was able to provide the patch.
As I mentioned in the original issue, this issue and the patch provided is separate from the issue(s) related to upgrading the library to version 1.15. This patch only upgrades the library to the most recent 1.14 version (1.14.17), which includes all current security patches.
I'm going to continue to use this patch and, due to security issues with the library, it's probably a good idea to prioritize this and include it in a release asap.
Comment #5
dakku CreditAttribution: dakku commentedHi Tim,
Thanks - I think it makes sense for us to do a new dev release and maybe open it for some feedback.
Comment #6
timwoodThank you.
Comment #8
dakku CreditAttribution: dakku commentedHi Tim,
This is pushed over in the Dev branch. If you can take it for a spin and confirm, I will create a new release tag.
Comment #9
dakku CreditAttribution: dakku commented